MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Topic: Skype Zeroaccess Trojan system repair - Works 100% | Vista / Windows 7 & 8
Doctor Smith
« on: November 08, 2012, 02:21:55 AM »

The complete solution to the issue I faced when my system got infected by the Skype Zeroaccess Trojan killing OFF my firewall, Windows Installer, updates and anti-virus program. The below-mentioned fix was successful only after I removed the Trojan with a full PC Tools Internet Security (from Pirateg*y) scan done in SAFE MODE...

Make sure that the PC is clean (free from the ZeroAccess rootkit) before applying these fixes.

This firewall issue is commonly found on Vista and Windows 7!


Quote
I have been getting hit with a lot of rogue antiviruses and up till now have been fighting them off, but last night I was hit by a new rendition of "Windows 7 Antivirus 2012".

I got a window saying explorer.exe wanted to make changes to my computer, I would tell it no and each time it would return. In between the constantly returning window I managed to open the task manager, find the process, and end the process. I then found the file and destroyed it with killbox.

Everything seems to be back in working order now, except for the firewall. Every page in the control panel for Windows Firewall gives me an Administrator button that says 'use recommended settings'; when I click it, it says it can't do that and gives me error 0x800705b4, which I understand to be an authentication error.

The last time I had this I tried to reset my firewall with an administrator command prompt; it would tell me it could not load wshelper.dll, so I did some stuff I cannot remember to reset my winsock and was then able to reset my firewall and all was good again.

This time when I go into command.com and type 'netsh advfirewall reset', instead of the DLL message I get 'An error occurred while attempting to contact the Windows Firewall service. Make sure the service is running and try your request again'.

In my attempts to fix this myself I have been to the device manager. I had it 'show hidden devices' and located my Windows Firewall Authorization driver. I found it had been stopped, and so I started it again. It currently says it is started, but nothing has changed functionally.

I have been into Services as an Administrator; Windows Firewall is not there. I was also told to look for Windows Event Controller and Base Filtering Engine and they are not there either.

I have done an administrator command prompt with sfc /scannow and the first time it said it had made changes and the second time it said everything was alright, but nothing functionally has changed.

I have been told to enter the following command prompts and gotten - the following results

netsh advfirewall reset - error stated above
net start mpsdrv - The requested service has already been started
net start bfe - The service name is invalid
net start mpssvc - the service name is invalid
regsvr32 firewallapi.dll - Popup window stating DllRegisterServer in firewallapi.dll succeeded

no functional change after that.

I have also been told to try:

sc config wuauserv start= auto - [SC] ChangeServiceConfig SUCCESS
sc config bits start= auto - [SC] ChangeServiceConfig SUCCESS
sc config DcomLaunch start= auto - Access is denied.
net stop wuauserv - The Windows Update service was stopped successfully.
net start wuauserv - The Windows Update service was started successfully.
net stop bits - The Background Intelligent Transfer Service was stopped successfully.
net start bits - The Background Intelligent Transfer Service was started successfully.
net start dcomlaunch - The requested service has already been started.

I have also tried a system restore, but whatever is screwing with my firewall is also screwing with that and it will not complete successfully.

A Windows XP thread steered me toward a file called, I believe, netfw.inf in my windir folder, related to the firewall. This does not seem to be on my Windows 7 machine and I have been unable to find the Windows 7 equivalent.

So, it appears my firewall is gone, or just pretending to be. I fixed it last time by making some correction to my winsock but I cannot seem to find the process I used for that. Additionally, Microsoft Security Essentials has disappeared from my system tray, though otherwise seems to be working fine.

I am confident that this can be fixed without a wipe and reinstall. Please help.

Auto fix in one...
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

-------------------------------------

Manual method


Download both the registry files...

Windows firewall -  Firewall
http://www.mediafire.com/?317ea53a883288d

Base filtering engine -  BFE
http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

Restart your PC

Now, open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it, select permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now, open RUN and type

services.msc and click ok

Start the Base Filtering Engine service and then the Windows Firewall service

--------------------------------

If you still have this error
Quote
Windows could not start Windows Firewall on local Computer. See event log, if non-windows services contact vendor. Error code 5.

Download and launch this key, click YES

Shared access
http://download.bleepingcomputer.com/win-services/vista/SharedAccess.reg

Give Full Control permission to this key, similar to the previous one

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

Right click on it, select permissions

Click on Add and type

Everyone and select Full control

You should be able to start the firewall now...

------------------------------------------

You may also be missing the Security Center, Windows Defender, BITS and Windows Update services

Download

Security center  -wscsvc
http://download.bleepingcomputer.com/win-services/7/wscsvc.reg

Windows defender - windefend
http://download.bleepingcomputer.com/win-services/7/WinDefend.reg

BITS    -  BITS
http://download.bleepingcomputer.com/win-services/7/BITS.reg

Windows update  -  wuauserv
http://download.bleepingcomputer.com/win-services/7/wuauserv.reg

Launch them and click YES when you get a UAC prompt

Good luck


Source:
Code:
http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/5366225a-46e7-4d6c-a389-8bd18a5c3aad
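
A read-only check to run after the procedure above, added here as an example and not part of the original post: it reports whether each service key named in the post exists, its start type and state, and any allow entry that gives Everyone, Authenticated Users or BUILTIN\Users write access to the key, which is what the Full Control step leaves behind. It assumes PowerShell 3.0 or later in an elevated session; the function name Get-BroadWriteAce is made up for this example.

```powershell
# Added example (not from the original post): read-only audit of the service
# registry keys the post repairs. Assumes PowerShell 3.0+ run as Administrator.
$ServiceNames = 'BFE', 'MpsSvc', 'SharedAccess', 'wscsvc', 'WinDefend', 'BITS', 'wuauserv'
$StartTypes   = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
# Well-known SIDs that cover ordinary, unprivileged accounts.
$BroadSids    = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'BUILTIN\Users' }

# Hypothetical helper: returns the allow ACEs that give a broad group write access.
function Get-BroadWriteAce {
    param([System.Security.AccessControl.RegistrySecurity]$Acl)
    $rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    # Inherit-only ACEs can carry generic bits instead: GENERIC_ALL, GENERIC_WRITE.
    $mask = [int]$rights -bor 0x10000000 -bor 0x40000000
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $Acl.GetAccessRules($true, $true, $sidType)) {
        $isAllow = $ace.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        if ($isAllow -and $BroadSids.ContainsKey($ace.IdentityReference.Value) -and
            (([int]$ace.RegistryRights) -band $mask)) {
            $ace
        }
    }
}

$report = foreach ($name in $ServiceNames) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\services\$name"
    if (-not (Test-Path -Path $key)) {
        [pscustomobject]@{ Service = $name; Key = 'MISSING'; Start = ''; State = ''; BroadWrite = '' }
        continue
    }
    $start = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Start
    # A key imported from a .reg file is not known to the service manager until reboot.
    $svc   = Get-Service -Name $name -ErrorAction SilentlyContinue
    $aces  = @(Get-BroadWriteAce -Acl (Get-Acl -Path $key))
    [pscustomobject]@{
        Service    = $name
        Key        = 'present'
        Start      = if ($null -ne $start) { $StartTypes[[int]$start] } else { 'not set' }
        State      = if ($svc) { [string]$svc.Status } else { 'not registered' }
        BroadWrite = ($aces | ForEach-Object { $BroadSids[$_.IdentityReference.Value] }) -join ', '
    }
}
$report | Format-Table -AutoSize
```

A name in the BroadWrite column means every local account in that group can change that service's registry configuration, so those keys are the ones to review in the Permissions dialog.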